Security experts from the Israeli security firm Security Joes discovered more than 100 irrigation systems running ICC PRO that were left exposed online without protection. ICC PRO is a top-shelf smart irrigation system designed by Motorola.
The ICC PRO systems were deployed with default factory settings, which don’t have a password for the default user’s account.
To worsen the situation, experts pointed out that it is quite simple to search for these devices exposed on the Internet by using IoT search engines like Shodan.
Once the attacker has gained access to the device, it can perform multiple actions from the control panel, including control the quantity and the pressure of the water delivered to the pumps, deleting users, or change settings.
The experts revealed that the majority of the devices were located in Israel.
Security Joes co-founder Ido Naor reported his findings to CERT Israel last month, which notified Motorola and CERT teams in other countries. CERT Israel also contacted the companies that exposed the irrigation systems online without protection. Motorola also sent a letter to its customers about the risks of exposing irrigation systems online without protection.
The good news is that several organizations started securing their devices, the number of unsecured ICC PRO instances dropped to 78 today.
In April, an attack hit an Israeli water facility attempting to modify water chlorine levels. In June, officials from the Water Authority revealed two more cyber attacks on other facilities in the country.
Two cyber-attacks took place in June and according to the officials, they did not cause any damage to the targeted infrastructure.
One of the attacks hit agricultural water pumps in upper Galilee, while the other one hit water pumps in the central province of Mateh Yehuda.
Israel’s National Cyber Directorate announced to have received reports of cyber attacks aimed at supervisory control and data acquisition (SCADA) systems at wastewater treatment plants, pumping stations and sewage facilities.
(SecurityAffairs – hacking, irrigation systems)